The 31% Problem: Shadow AI Training Gaps Are Now an Insider Risk
The 2026 DTEX/Ponemon Cost of Insider Risks Global Report ranked shadow AI as the leading driver of negligent insider incidents — ahead of unmonitored file sharing, personal webmail, and every other category on the list. That shift reorders the priorities every CISO inherited a year ago. The average annual cost of insider incidents is $19.5 million. 92% of organizations say generative AI has changed how employees share information; only 13% have integrated AI into their formal business strategy. The gap between behavior and policy is the entire problem in one sentence.
The Kiteworks 2026 Forecast Report places shadow AI in its top-five AI security risk cluster and rates control maturity as “very weak” with the blunt note that “few have discovery tools.” Most security teams cannot list, in writing, which AI services their workforce is using this week.
5 Key Takeaways
1. Shadow AI just became the leading negligent insider driver.
DTEX/Ponemon’s 2026 data names it the top contributor to negligent incidents — ahead of unmonitored file sharing and personal webmail. That reclassifies a problem most security programs still treat as a side issue. At $19.5 million annually per organization, it is the single largest unmanaged cost in the insider risk portfolio, and the data loss pathways it creates are structurally invisible to most security stacks.
2. The training gap is the gap.
Lenovo’s Work Reborn Research Series 2026, based on a survey of 6,000 enterprise employees globally, found 31% of AI users receive no formal AI training from their employer — even as up to one-third already use AI outside IT governance. Untrained users do not make safer choices on their own. Without knowing what counts as regulated data or which tools are sanctioned, the governance gap closes only when the data is already gone.
3. The two-track workforce is real.
Lenovo documents a workforce splitting in two: IT-equipped employees with managed tools and oversight, and independent users on consumer AI services. The second track is where regulated data leaks. Only 13% of organizations have formally integrated AI into their business strategy despite 92% acknowledging AI has changed information-sharing behavior — meaning the second track is widening faster than the first track can absorb it.
4. Visibility is missing where it matters most.
Only 36% of organizations have any visibility into how third parties handle data inside AI systems. Discovery tools for shadow AI specifically are rarer still. The Kiteworks 2026 Forecast rates shadow AI control maturity as “very weak” because most organizations are running on self-report — asking employees to disclose which AI tools they use and trusting the answers. Self-reports from untrained employees who have no AI governance literacy are not a control.
5. The fix is governed productivity, not bans.
AI bans push usage into the second track and accelerate the leak. Data-layer governance — zero-trust access, ABAC enforcement, content-level least privilege — preserves productivity and closes the exposure. The goal is to make the sanctioned AI path more frictionless than the workaround. That is the only intervention the data supports.
Why Lenovo’s 31% No-Training Stat Matters More Than the Adoption Numbers
The training stat is the operative finding because adoption stats describe what employees are doing while the training stat describes whether they have any chance of doing it safely. Lenovo documents the structural pattern underneath the number: the workforce splitting into employees equipped with IT-managed tools, training, and oversight — and employees operating independently with consumer AI services. The first group is governed. The second group is where leaks come from.
Pair that with a separate finding from the Cisco 2024 Data Privacy Benchmark Study of 2,600 professionals: 48% admitted entering non-public company information into GenAI tools. Untrained users are also un-coached on what counts as non-public. They are not making bad decisions on purpose. They are making the only decisions they know how to make.
That is the working definition of negligent insider risk. Not malice — a workforce asked to deliver AI-driven productivity without being shown the guardrails. The 31% is the symptom; the absent guardrail architecture is the disease.
How Shadow AI Differs From Shadow IT — and Why It Is Worse
Shadow IT was a software inventory problem. Shadow AI is a data egress problem. When a finance analyst stood up an unsanctioned SaaS tool in 2018, the data usually stayed inside the tool’s database. With shadow AI, the data leaves the building the moment the prompt is submitted. A consumer LLM takes the prompt, processes it, and may use it for training or logging depending on terms most employees have never read.
The CrowdStrike 2026 Global Threat Report documented an 89% year-over-year increase in AI-enabled adversary attacks. Defenders are already racing to keep up. Shadow AI adds a second exfiltration channel — one staffed entirely by the defender’s own employees, operating in good faith, sending regulated data to non-enterprise endpoints because nobody told them not to. The DTEX research lists three dominant contributors to negligent risk: unmonitored file sharing, personal webmail, and shadow AI. The first two are decades-old categories with well-understood controls. Shadow AI is the new entry, and the controls are not in place at most organizations.
What CISOs Are Actually Missing in the Visibility Layer
The visibility numbers around AI are worse than the headline charts suggest. The Kiteworks 2026 Forecast finds only 36% of organizations have any visibility into how partners handle data in AI systems. The other 64% are trusting contracts and questionnaires. That is not visibility — it is paperwork. The same report puts third-party AI vendor handling at the top of the AI security concern list, cited by 30% of organizations as the #1 issue. The risk is named. The visibility is missing.
For shadow AI specifically, discovery tooling is even thinner. Control maturity is rated “very weak” with the explicit note that “few have discovery tools.” The WEF report “AI and Cyber: Empowering Defenders”, developed with KPMG across 84 organizations in 15 industries, found 94% of cyber leaders consider AI the key influence in cybersecurity. That belief has not yet translated into deployed visibility on the data-egress side. CISOs see AI as transformative for defense; they have not yet built the defense around AI’s data path.
Why Banning AI Pushes the Risk Into the Wrong Track
A ban does two things. It flips the productivity-conscious half of the workforce into workarounds — personal devices, mobile networks, copy-pasted screenshots, free-tier accounts on platforms IT has never heard of. And it creates a credibility gap with the half using AI to do real work. Both groups end up in Lenovo’s “second track.” The ban accelerates the exact pattern it was meant to prevent.
The Thales 2026 Bad Bot Report found automated traffic accounted for 53% of all observed internet traffic in 2025. AI agents have emerged as a third category moving data on behalf of human identities at machine speed. Bans do not reach that layer. The architectural answer is to make the governed track easier to use than the second track: enterprise AI tools with content-layer access controls, a trained workforce, and interactions logged at evidence quality.
The Architecture That Closes the Gap: Governed AI Data Access
The fix is not a policy memo — it is a control plane. Data-layer governance is the architectural pattern that closes the shadow AI gap without breaking productivity. Three properties make a control plane fit for AI:
Content-layer least privilege. Authorization follows the data, not the user identity. An employee cleared for one HR record is not cleared for the entire HR repository, and an AI assistant acting on that employee’s behalf inherits the same per-record limits. Most existing access stacks were built around folder-level roles that do not survive contact with retrieval-augmented generation, where an AI agent can read across a corpus in milliseconds.
Discovery and classification on the egress path. Shadow AI is invisible until a prompt crosses an enterprise boundary. The control plane must inspect outbound traffic for AI endpoints, classify the content being sent, and enforce policy inline. The Kiteworks 2026 Forecast’s “few have discovery tools” finding is precisely the gap a real control plane fills.
Evidence-quality audit trails. The Kiteworks 2026 Forecast finds 33% of organizations lack adequate audit trails and 61% have fragmented logs that are not actionable. When a regulator or plaintiff asks who accessed what, through which AI agent, the answer needs to be a single queryable record — not a reconstruction across nine systems. The Kiteworks AI Data Gateway provides governed access, content-layer enforcement, and evidence-quality logs across email, file sharing, MFT, SFTP, web forms, and AI traffic in a single control plane.
What CISOs Should Do This Quarter
First, run a shadow AI discovery sprint. Inventory the AI services your workforce is actually using — not the sanctioned ones, the ones egress logs, browser telemetry, expense reports, and anonymous surveys reveal. The Kiteworks 2026 Forecast’s “few have discovery tools” finding means most CISOs must assemble this from existing telemetry. Do it anyway — you cannot govern an inventory you do not have.
Second, close the training gap. 31% of AI users receive no formal AI training. Mandate short-form training on what counts as regulated data, what a sanctioned AI tool is, and the consequences of mixing the two. Pair it with a published approved-services list so employees can self-correct without escalating.
Third, route AI traffic through a control plane. Traffic to enterprise AI flows through governed infrastructure with content-layer access controls, classification at the egress point, and full audit logging. Traffic to non-sanctioned AI is blocked or quarantined with a clear inline message pointing to the alternative. 61% of organizations are on fragmented data exchange infrastructure that cannot support evidence-quality audit trails — that is the single biggest infrastructure gap to close.
Fourth, fix the third-party AI visibility problem. Only 36% have visibility into partner AI handling. Add AI-specific clauses to top-tier vendor contracts: training data usage, retention, sub-processor disclosure, incident notification. Then verify the answers — questionnaires alone are not oversight.
Fifth, integrate AI events into your insider risk program. DTEX’s reclassification of shadow AI as the top negligent driver should change how your team triages alerts. AI-related anomalies — unusual prompt volume, sensitive content in outbound prompts, repeated non-sanctioned service usage — belong in the same workflow as suspicious file sharing and personal webmail egress.
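The discovery sprint, egress classification and anomaly triage described in the steps above (and in “Discovery and classification on the egress path”), as an added example that is not Kiteworks code: a Python script that builds a shadow AI inventory from a constructed proxy-style egress log and raises insider-risk alerts for regulated content and repeated use of unapproved services. The approved-services list, the consumer-AI host signatures and the two content-classification rules are assumptions standing in for real discovery and DLP tooling.

```python
import re
from collections import Counter

# Constructed sample egress log (not real telemetry): timestamp, user, destination host, prompt excerpt.
SAMPLE_LOG = """\
2026-03-02T09:14:05Z alice ai.sanctioned.example.com "summarise the Q3 board deck"
2026-03-02T09:15:11Z bob chat.consumer-ai.example.net "rewrite this: SSN 123-45-6789 for John"
2026-03-02T09:16:40Z bob chat.consumer-ai.example.net "draft a reply to the vendor"
2026-03-02T09:17:02Z carol drive.corp.example.com "upload quarterly.xlsx"
2026-03-02T09:18:30Z bob chat.consumer-ai.example.net "fix grammar in this paragraph"
2026-03-02T09:19:00Z dave llm.free-tier.example.org "CONFIDENTIAL: merger term sheet summary"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "(.*)"$')
# Assumed approved-services list and assumed discovery signatures for consumer AI hosts.
SANCTIONED_AI_HOSTS = {"ai.sanctioned.example.com"}
AI_HOST_RE = re.compile(r"(?:^|\.)(?:consumer-ai|free-tier)\.example\.(?:net|org)$")
# Assumed content classifier: two regulated-data patterns, stand-ins for a real DLP ruleset.
CONTENT_RULES = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CONFIDENTIAL": re.compile(r"\bCONFIDENTIAL\b"),
}

def parse_line(line):
    m = LINE_RE.match(line)  # returns None for lines that do not match the log format
    return dict(zip(("ts", "user", "host", "excerpt"), m.groups())) if m else None

def classify_destination(host):
    """Discovery step: is this host approved AI, unapproved AI, or not an AI endpoint at all?"""
    if host in SANCTIONED_AI_HOSTS:
        return "sanctioned_ai"
    return "unsanctioned_ai" if AI_HOST_RE.search(host) else "other"

def classify_content(text):
    return sorted(label for label, rx in CONTENT_RULES.items() if rx.search(text))

def analyze(log_text, repeat_threshold=3):
    """Build the shadow AI inventory and emit insider-risk alerts for unapproved AI egress."""
    inventory, per_user, alerts = Counter(), Counter(), []
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if classify_destination(rec["host"]) != "unsanctioned_ai":
            continue  # sanctioned AI and ordinary SaaS are audited upstream, not alerted here
        inventory[rec["host"]] += 1
        per_user[rec["user"]] += 1
        labels = classify_content(rec["excerpt"])
        if labels:  # regulated content leaving through an unapproved AI service
            alerts.append((rec["user"], rec["host"], "sensitive_content", labels))
        if per_user[rec["user"]] == repeat_threshold:  # repeated workaround usage by one user
            alerts.append((rec["user"], rec["host"], "repeated_unsanctioned", []))
    return {"inventory": dict(inventory), "alerts": alerts}
```

Running `analyze(SAMPLE_LOG)` yields the per-host inventory (the discovery sprint output) and three alerts that belong in the same triage queue as file-sharing and webmail egress.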
To learn more about protecting your sensitive data from AI ingestion, schedule a custom demo today.
Frequently Asked Questions
Bans push AI usage onto personal devices, mobile networks, and free-tier accounts the security team cannot see. DTEX/Ponemon 2026 ranks shadow AI as the leading negligent insider driver precisely because the workforce works around bans rather than abandoning AI. Only 36% of organizations have visibility into how partners handle data in AI systems. Replace the ban with a governed AI Data Gateway alternative — make the sanctioned path frictionless and the unsanctioned path blocked.
Pair Lenovo’s 31% no-training finding with the DTEX/Ponemon 2026 average insider cost of $19.5 million per organization annually. Then bring your own discovery numbers — the percentage of AI usage flowing through governed infrastructure versus the second track. The Kiteworks 2026 Forecast rated shadow AI control maturity as “very weak” with few discovery tools. The board metric is not AI adoption; it is the percentage of AI interactions producing a defensible audit trail.
Yes. CMMC Level 2 access control families require enforced authorization on every system touching CUI, and consumer AI services are not authorized systems. 61% of organizations are on fragmented data exchange infrastructure that cannot support evidence-quality audit trails — the architecture CMMC assessors examine. Route AI traffic through a governed control plane with ABAC access controls and tamper-evident logging before the assessment, not during it.
Shadow AI creates uncontrolled cross-border data transfers and undocumented processing — triggering GDPR Article 30 record-keeping obligations and U.S. state privacy law disclosure requirements. The Kiteworks 2026 Forecast finds 29% of organizations cite cross-border AI transfers as a top exposure. Without evidence-quality audit logs, organizations cannot demonstrate the lawful basis, purpose limitation, or transfer mechanism regulators require.
Egress visibility with policy enforcement on the AI endpoint path. Inventory which AI services your workforce is reaching, classify the content being sent, and block or quarantine non-sanctioned destinations with an inline redirect to the approved alternative. The Kiteworks Private Data Network implements this pattern — discovery first, then governed enforcement across email, file sharing, MFT, SFTP, and AI traffic in a single control plane.
Additional Resources
- Zero-Trust Strategies for Affordable AI Privacy Protection (Blog Post)
- How 77% of Organizations Are Failing at AI Data Security (Blog Post)
- AI Governance Gap: Why 91% of Small Companies Are Playing Russian Roulette with Data Security in 2025 (eBook)
- There’s No “--dangerously-skip-permissions” for Your Data (Blog Post)
- Regulators Are Done Asking Whether You Have an AI Policy. They Want Proof It Works. (Blog Post)